Thanks all!
Now the reason that I want to use the Event Sink way is because there
is no more need then that... And like said, GFI is no longer. Neither
the doc on Smallbizz.
I know there is a manipulation needed on SMTP level, but I just don't
see it. If somebody knows the little trick (was it
Are you using the SBS's SMTP connector or using the
http://support.microsoft.com/?id=317327 info there?
Marette's instructions to remove the SBS's native smtp connection, build
a new one that listens on port 26, the time it would have taking me to
follow her instructions.. I saved the time
That's what I used, but in VBScript (the brother of the article you send).
I indeed can bind that event sink to the default SMTP virtual server,
but I don't see the disclaimers on external addresses. Then I saw that
Marette had instructions involving some manipulation on SMTP in case
you're
http://www.msexchange.org/articles/Disclaimer-Fun.html
Glutten for punishment aren't ya?
Bart Van den Wyngaert wrote:
That's what I used, but in VBScript (the brother of the article you
send).
I indeed can bind that event sink to the default SMTP virtual server,
but I don't see the
*NOTE:* For single server configurations there is an issue that may
prevent the described method from working as expected. Microsoft had a
KB article – Q288756: SMTP Transport Event Does Not Fire For MAPI
Messages – which was retired because the provided workaround (creating a
second SMTP
I'm blessed I know :-)
That article I didn't came accross last night actually. Although the
info in that artcile I already did find. Performace isn't an issue btw
(min. 10 users).
Like I said before: I find this a real missing feature of Exchange...
As the author states, it's the most
Look for 1b and 1c records in WINS for the defunct domain.
Remove them and wait for WINS replication.
You should also use ntdsutil and remove the redundant AD
objects too.
You can never stop ppl creating new workgroups - you should
be able to determine the IP address of their members
Title: Setting FFL=2 automatically when building first DC in forest
According to http://support.microsoft.com/kb/223757/en-us the SetForestVersion entry in the dcpromo answer file can only be used to set FFL to 1 or 0 when building a new forest.
Is this correct? I'd like to automate the
I've done this a couple of times, but on the exchange gateway servers, not
on an SBS box. I've never seen SBS.
Anyway, the easiest way to do this is to create a second virtual SMTP server
and set it to listen on port 26 (and send on 25). Configure the first
virtual server to send on 26 (its
I've never seen SBS, but my younger brother has just started a new job
(first one since leaving Uni) and bought a new server and it came with SBS.
When he built it it appeared he had no choice but to make it a DC, even
though he only wanted it as a member server -there's already an SBS box
You should only have one SBS per domain, and also per subnet. You should
be able to get round this by disabling DHCP on the new server... or
putting it on a different subnet, etc.
SBS is by it's nature a DC. You can go around hacking bits out of the
registry but you will end up violating the
Thanks Paul, as they are currently working (GMT+1), I will test again
this evening and post my findings here.
As you pointed out: troubleshooting is a real pain in the ass... Yes
I'm using VBScript, I have more experience with that then VB itself
and that makes it more easy for me.
Indeed MAPI
Perhaps it's an idea for them for the future releases
The functionality has been implemented in EX2K7.
Cheers,
Victor
- Oorspronkelijk bericht -
Van: Bart Van den Wyngaert [EMAIL PROTECTED]
Datum: donderdag, augustus 3, 2006 12:10 pm
Onderwerp: Re: [ActiveDir] OT - Adding disclaimer on
The feature is in Exchange 2007.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bart Van den
Wyngaert
Sent: Thursday, August 03, 2006 6:10 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT - Adding disclaimer on E2K3 on a SBS 2K3 box
Hoorah !! :-)
On 8/3/06, Michael B. Smith [EMAIL PROTECTED] wrote:
The feature is in Exchange 2007.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bart Van den
Wyngaert
Sent: Thursday, August 03, 2006 6:10 AM
To: ActiveDir@mail.activedir.org
Subject:
Title: Setting FFL=2 automatically when building first DC in forest
It might be worth looking at the
%systemroot%\system32\schema.ini file again. I just had a poke around in
there after reading Dean's answer to your question yesterday and the first
section, the [DEFAULTROOTDOMAIN] section is
Title: Setting FFL=2 automatically when building first DC in forest
As we English like to say on an unbelievably regular basis
same again please. In this context however, Im
referring to the file I mentioned earlier this week, the SCHEMA.INI.
Locate the [Partitions] section, roughly 9
Title: Setting FFL=2 automatically when building first DC in forest
Thats v. close my mint-sauce-fearing friend but its
likely that that will set only the dom. func. level to K3 native (though to be
honest Ive not tried). So, since forests tend to drag domains with
them, functional level
Thanks Neil -How would one determine the IP of the members of a particular workgroup ?RE: NTDSUTIL - just do a search, that matches the whole string, for the domain name ? and remove accordingly ?
On 8/3/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Look for 1b and 1c records in WINS for the
Title: Setting FFL=2 automatically when building first DC in forest
Ah nice, you got there before me with a better
answer! :P
I'm poking around in there now, as I'm in a
similar position to Neil a the mo'.
Question: Can I provide schema.ini as an argument
to the promotion or unattended or
I’m gonna read between the lines a little and ask if you previously
trusted these domains?
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of HBooGz
Sent: Wednesday,
Title: Setting FFL=2 automatically when building first DC in forest
I dont believe DCpromo accepts an arg. that redirects its
attention to an alternate schema.ini but, to be honest, Ive not looked
that closely since editing is easy enough (opinion-wise though I doubt it
does one of us
Title: Setting FFL=2 automatically when building first DC in forest
Someone needs to blog / document this file and its features
functionality etc - it's not widely known and understood, I fear :)
[or perhaps it's a well kept secret and I just wasn't allowed to know :)
]
Many thanks again,
Title: Setting FFL=2 automatically when building first DC in forest
LOL. Yep. I'm
adverse to such things as I'm fed up of the damned English, Scottish, Irish,
South African and Australian (and there's a damned cheek) meet'g and bleh'g at
me... ;-)
O
dear - we'll be seeing posts in Welsh
See kb216498 for the info. on the NTDSUTIL
cleanup. Basically you need to perform a metadata, DNS and FRS
cleanup. ThatKB details all the necessary steps.
You'd determine the IP address of the workgroup
by the 1B and 1C records registered for that name.
The domain master browser is
... or loadup "browmon". it's been a while since I
used that, so pls, no questions :)
neil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul
WilliamsSent: 03 August 2006 14:17To:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Remove Defunct
domains..
See
SBS must be a PDC of a network.. you are seeing the effects of SBSCore
a dll that checks to make sure you are running SBS as a domain
controller and that there are no other SBS servers in the network. If it
does, it will say sorry Dude, I ain't running and will reboot
constantly. It's a
Title: Setting FFL=2 automatically when building first DC in forest
Am hwyl, dwi am ymateb drwy beidio a dweud dim
byd mwy nagadlewyrchu dy bwynt!
- Original Message -
From:
[EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Thursday, August 03, 2006 2:10
PM
...and btw we have a lot of SBS boxes installed in homes... in case you
ever want to play with active directory in a home environment :-)
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
SBS must be a PDC of a network.. you are seeing the effects of
SBSCore a dll that checks to make sure
Title: Setting FFL=2 automatically when building first DC in forest
Nod, but sfkds sdkfk skdwpoe cdof slkap d dkds y dlsdk lspw dod sfd
qwpw slla dsk ccdpow yours too.
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
From:
Hyena from http://www.systemtools.com/
is a great tool for doing this, in fact it can do a lot more =)
We use it for compliance reporting,
we build up reports including folder ACL's, local group membership, and
AD group membership including nested group membership. It has some pretty
powerful
Title: Setting FFL=2 automatically when building first DC in forest
Dont you love online translators
Am hwyl, dwi am ymateb drwy beidio a dweud dim byd mwy
nagadlewyrchu dy bwynt! =
About sail , I am being about answer
through cease I go say anything world more nor reflect he covers
Title: Setting FFL=2 automatically when building first DC in forest
Ha ha.
(I don't actually speak Welsh. A friend of
mine translated my English sentance into Welsh for that witty
reply).
- Original Message -
From:
Dean
Wells
To: Send - AD mailing list
Sent:
Title: Setting FFL=2 automatically when building first DC in forest
"Am hwyl, dwi am ymateb drwy beidio a dweud dim
byd mwy nag adlewyrchu dy bwynt!"
=
"Just for fun, I'll respond with an answer that
says nothing but simply illustrates your point."
- Original Message -
Hey Guys -It's really an OLD NT 4.0 domain that was migrated over to 2k and just recently upgraded to 2003 R2. I'm sure i'd have to probably cleanup the metadata, etc.but anyway to curb the creation of these rogue workgroups ? if i can't curb, how i can succesfully remove or be alerted ?
alerting
Hey Guys -I don't get the Exchange tabs ( exchange general, exchange tasks, etc ) when i right-click a user account and select properties when i'm accessing this account from ADUC on a domain controller and on my windows xp machine running adminpack.
the only place,obviously, is on the ADUC
Hi Scott,
Thanks for the reply. Unfortunately,
it didnt seem to grant access. That was definitely one of the
first places I looked to check for permissions that would give me a clue as to
why the username that originally installed Exchange 2003 has access to all
users mailboxes, yet the
Do you have the Exchange System Management
Tools installed on the other domain controllers?
From the Exchange cd, choose Install
System Management Tools Only. Basically you will choose Custom from the Setup
and tell it to only install the Tools, not the Exchange services.
I would be
You need to install the Exch admin tools so that the newer
/ different ADUC snap-in is available.
neil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
HBooGzSent: 03 August 2006 16:26To:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Exchange
attributes..
Hey Guys -I
No. You need to install the Exchange Management Tools on
places where you need those tabs.
That begin said, review this article and the linked
article:
http://blogs.brnets.com/michael/archive/2004/09/14/209.aspx
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
HBooGzSent:
You need to load the ESM on your DCs and/or your XP machine to
see the Exchange tabs. You can load it from your Exchange CD.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of HBooGz
Sent: Thursday, August 03, 2006 10:26 AM
To:
A different approach is for the Exch Full Admin to simply
grant him/herself Full Mailbox Access-Allow on an individual,as-needed
basis. I prefer this because it requires a conscious effort on the admin's part
to access someone else's mailbox, regardless of what your corporate use policies
You simply need to install the Exchange Admin
tools on the system that you want these tabs. Therefore, in your case, you
should install them on your computer and possibly on a DC or two too (depending
on how you work).
--Paul
- Original Message -
From:
HBooGz
To:
Thank you gentleman.On 8/3/06, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
You need to install the Exch admin tools so that the newer
/ different ADUC snap-in is available.
neil
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
HBooGzSent: 03 August 2006 16:26To:
Ben,
I have dealt with this issue before. What it basically comes down to is
creating a new group, putting the member who inherited the deny in that
group and then granting that group an explicit allow to the resource in
question, which will then override the inheritid deny.
See also this
Thats actually a very good idea,
and I may enforce that on them. I suppose if anything, my curiosity is getting
the best of me and Im really wondering what is different between that
delegated security group and the individual account that installed Exchange
which is granting full mailbox
Check to see if someone removed the explicit Deny for the
individual account on Send-As/Receive-As at the Exchange Org level, and if not
whether it's getting overridden by an explicit Allow further down the
hierarchy.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of WATSON,
Nice pointer Hunter! I had forgotten that
tidbit of info I learned awhile ago that a deny doesnt always override a
grant privilege. There was indeed an explicit grant privilege set at the
server level for that individual user account which overrides the deny
privilege set at the
Hey everyone I'm going nuts here and I need some help
Am trying to do a security translation on a pc using ADMT v3.0 and it
gives me this error Unable to access server service on the machine
'MISMCGOWAN'. Make sure netlogon and workstation services are running and
you can authenticate
There was no real reason for a separate domain, other than
it simplified the vendor's support. We ended up creating an OU and delegating
administration to it.
Thanks I promised I would get back to you
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent:
Fixed...nic driver...uninstalled and reinstalled and it workedgo
figure...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Strongosky
Sent: Thursday, August 03, 2006 2:27 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Admt Migration
Touching schema.ini would qualify as very not supported ...
-B
On Thu, 3 Aug 2006, Paul Williams wrote:
Setting FFL=2 automatically when building first DC in forestIt might be worth
looking at the %systemroot%\system32\schema.ini file again. I just had a
poke around in there after reading
Is this stuff you can't do in the unattend.txt and specify an answer
file to dcpromo?
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir-
[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Thursday, August 03, 2006
Not that I'm aware of. To my mind, the goal of most unattend files is to
remove or reduce human interaction by answering questions presented by a
user-interface, maybe a wizard-ized process or perhaps even 'tweak' a
behavior slightly. Editing such discreet and specific values of the
resulting
Granted ... though perhaps a moot point to those (on the consumer side of
the fence) capable of using such a tweak since proving such usage is
challenging to say the least.
Aside, since its purpose has been well served twice in as many days and on 2
unrelated topics, maybe it could be considered
Hello,
I have some questions about doing a migration from Windows
2000 AD to Win2k3AD. Our current environment entails two Windows 2000 AD domain
controllers running DNS,WINS, DHCP. We also have Exchange 2003 installed on a
separate Windows 2003 Server. We want to keep the same domain
Have you tested against other LDAP systems (like SunONE)? Have a
client who encountered this little issue.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan
Sent: Thursday, August 03,
Chris,
Here is a link to your last question and you can see the follow-ups there too.
http://www.activedir.org/ml/msg11411.aspx
When you say you want to move all services that run on the old DCs to the exchange 2003 boxand your file server does that mean thatyou want the file server to become
Haven't tried it--I don't have any other LDAP servers around that
support SSL to play with. :)
I know for sure that the part about enumerating the domain controllers
won't work. You'd need to supply the list of server names a different
way. However, the actually bind/SSL stuff should work
I might improve it a bit to work with other sources and run on a timer
with email or perhaps integrate with MOM.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir-
[EMAIL PROTECTED] On Behalf Of Joe Kaplan
Sent:
There's actually other stuff you can do with MOM. I'm not sure exactly how
our MOM AD guy does it, but he has MOM set up to alert him when the local
cert on the DC is getting close to expiration. If you are curious, I'll ask
him.
This tool is more useful for getting a snapshot of the whole
Ive been asked to write a Disaster recovery doc for
our company. Im trying to delete a single user account and do an
authoritative restore of that account.
(in a test environment of course)
Before I deleted the test account I used adsiedit to verify the
path to the account. Cn=test
Just to make sure, you did a system state restore that includes
that user, right?
Is there an attribute (group membership?) that you need such
that you cant just undelete the user?
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From:
[EMAIL PROTECTED]
Microsoft Exchange Troubleshooting Assistant released - get it here
Yesterday we released some new tools to help make your life as an
email admin easier. Its called the Microsoft Exchange
Troubleshooting Assistant v1.0. Heres the description:
The Exchange Troubleshooting Assistant
64 matches
Mail list logo